d79d1c50863e99b5d93d3d5f7f6c68a0f7774cd53e329a9cd626123c2d8b4716[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

d79d1c50863e99b5d93d3d5f7f6c68a0f7774cd53e329a9cd626123c2d8b4716.zip
Size

95KB
MD5

57f82de81d963db9c0f3b91832cd96af
SHA1

39d73881b1d1c1b8fb87dd10048f6d427291001d
SHA256

b48a9889640f16d6df1e38fbeab1b8f1deca4665c57ce58f622bc92f5da17a95
SHA512

42e6e9b27a376f0d9d8a6ac7b330f8c5ead52c36e436ca7e682d902616a96c89fecc8a6e1bee9d9153dd4f512608d451c8b6f3576cc52f679588c8ac9556f581
SSDEEP

1536:0JTZC/tJR2tFziJj8g84A+otB1lkQV2jfNVBFUkPdYIElk8JxCU8F9Bjb9zHsJaA:SsstF1g84A+eNVK1VBekPdlERbM9BdBA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d79d1c50863e99b5d93d3d5f7f6c68a0f7774cd53e329a9cd626123c2d8b4716.exe

Files

d79d1c50863e99b5d93d3d5f7f6c68a0f7774cd53e329a9cd626123c2d8b4716.zip
.zip

Password: infected
d79d1c50863e99b5d93d3d5f7f6c68a0f7774cd53e329a9cd626123c2d8b4716.exe
.exe windows:6 windows x86 arch:x86

Password: infected

e5dbf4f8ccc1f4276248f5791017efa9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAllocEx
GetCommandLineA
FindNextFileA
HeapAlloc
InitializeCriticalSectionAndSpinCount
GlobalGetAtomNameW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetTempPathW
VirtualAlloc
EnumSystemCodePagesA
SetEndOfFile
CreateFileW
OutputDebugStringW
ReadConsoleW
WriteConsoleW
SetStdHandle
LoadLibraryExW
HeapReAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameW
SetFilePointerEx
ReadFile
GetFileType
GetStdHandle
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
CloseHandle
GetProcessHeap
IsDebuggerPresent
GetCurrentThreadId
GetOEMCP
GetACP
IsValidCodePage
HeapSize
AreFileApisANSI
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
GetLastError
HeapFree
RaiseException
RtlUnwind
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
IsProcessorFeaturePresent

oleaut32

VarDecFix
CreateStdDispatch
VarCyFromR4
VarFormatFromTokens
VarAdd
VarI2FromBool
VarI1FromStr
SafeArrayCreateVector

rpcrt4

I_RpcTransConnectionReallocPacket
NdrConformantVaryingStructBufferSize
MesIncrementalHandleReset
I_RpcParseSecurity
NdrComplexStructFree
NdrComplexStructMemorySize

wininet

GopherGetLocatorTypeW
InternetGetCertByURL
ShowSecurityInfo
HttpSendRequestExW
FtpPutFileA
InternetTimeFromSystemTime
InternetReadFileExA

ole32

ReleaseStgMedium
HWND_UserUnmarshal
HWND_UserSize
StgCreatePropSetStg
HBRUSH_UserMarshal
CLSIDFromProgID

resutils

ResUtilGetProperties
ResUtilGetPrivateProperties
ResUtilDupParameterBlock
ResUtilEnumPrivateProperties

winmm

GetDriverModuleHandle
mmioAdvance
midiInUnprepareHeader
auxGetNumDevs
waveOutWrite
NotifyCallbackData
auxGetDevCapsW

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

e5dbf4f8ccc1f4276248f5791017efa9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

rpcrt4

wininet

ole32

resutils

winmm

Sections

.text Size: 125KB - Virtual size: 124KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 15KB - Virtual size: 24KB

.text
Size: 125KB - Virtual size: 124KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 15KB - Virtual size: 24KB